Everything posted by Conan

  1. thanks, interesting

     was the process something like this?

       1. build
       2. post-build script
       3. sign

     what was the fix?

     sorry if annoying questions, piqued my interest
  2. Beautiful! That works perfectly, thank you again. Just out of curiosity, what was the issue with the plugin's managed DLLs; signtool saying signed yet explorer and Get-AuthenticodeSignature saying not signed?
  3. yay! thank you!! seriously, much appreciated. you just made a bunch of sysadmin and security types so very happy

     not sure if this helps, looks like there's more than one method, not sure how much of a difference that makes ...i could be completely off the mark
     https://learn.microsoft.com/en-us/dotnet/standard/assembly/sign-strong-name

     do you get a different result with and without the "/ms" parameter?

         signtool.exe verify /ms

     https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

     /ms should be the default as of Win8. don't think that will be it, but first thing that comes to mind. Might be able to rule out some WinVerifyTrust / CertPaddingCheck related issue at least.

     context: It's an old issue that recently got some attention after being exploited in the wild. Priority got increased, might have some changes in behaviour i've missed.
     https://learn.microsoft.com/en-us/security-updates/securityadvisories/2014/2915720
     https://www.tenable.com/plugins/nessus/166555

     Yes, those are strings that should be DWORD. Either works, but strings is what the MSFT doco uses ... yeah lol

         [HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
         "EnableCertPaddingCheck"="1"

         [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
         "EnableCertPaddingCheck"="1"
  4. arh, my apologies, that's quite the impact. Did not realise.

     greatly appreciate you responding, surprised actually.

     Just transferred $20 USD / $30 AUD, been using PND for many years, should be more, sorry.
     Transaction ID: 5A482066KE265925W

     Not being pushy, no expectations. The above is long overdue and unrelated to this request.

     This is mostly related to running PND in an enterprise environment, i can have a chat with the boss, see if they'd be willing to pay for this as a feature request. Can't make any promises, don't know if they'll go for it.

     I wasn't able to reproduce the rate limit issue. Are you able to share how the signing process works in the build? Will help if i can.

     through PowerShell, was able to sign 261 files in 68 seconds in one go, passing an array. 71 seconds when iterating. ...Not sure how valid a test this is though

     guessing you're using visual studio / signtool

     looks like signtool can take a | delimited file list, not sure if that helps
     https://stackoverflow.com/questions/65985951/sign-multiple-files-with-signtool-exe

     there's a list of free timestamp servers, might be able to divvy up across multiple servers
     https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710

     Not sure if all the DLLs change with each build. Might be able to sign on change?

     Probably a messy bad idea, but maybe a "public release" build that signs everything, and a "non-public release" that doesn't?

     If it's not worth the bother, or just rather not, that's totally cool too

         Set-StrictMode -Version 'latest'
         $ErrorActionPreference = 'stop'

         #New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject 'test01'
         $myCodeSignCert = Get-Item -LiteralPath Cert:\CurrentUser\My\A677A404C028940D31CC3EE16C7BAE6932367A61

         # Collect the DLLs that do not have a valid Authenticode signature
         $FilesNotSigned = Get-ChildItem -LiteralPath 'C:\temp\paint.net' -File |
             Where-Object -FilterScript { $PSItem.Extension -eq '.dll' } |
             Get-AuthenticodeSignature |
             Where-Object -FilterScript { $PSItem.Status -ne 'Valid' } |
             Select-Object -ExpandProperty 'Path'

         # Sign all files in one call, passing the array
         Measure-Command -Expression {
             Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $FilesNotSigned
         }

         #stdout
         Days              : 0
         Hours             : 0
         Minutes           : 1
         Seconds           : 8
         Milliseconds      : 167
         Ticks             : 681673557
         TotalDays         : 0.000788974024305556
         TotalHours        : 0.0189353765833333
         TotalMinutes      : 1.136122595
         TotalSeconds      : 68.1673557
         TotalMilliseconds : 68167.3557

         # Sign one file per call
         Measure-Command -Expression {
             $FilesNotSigned | ForEach-Object -Process {
                 Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $PSItem
             }
         }

         Days              : 0
         Hours             : 0
         Minutes           : 1
         Seconds           : 11
         Milliseconds      : 575
         Ticks             : 715756974
         TotalDays         : 0.000828422423611111
         TotalHours        : 0.0198821381666667
         TotalMinutes      : 1.19292829
         TotalSeconds      : 71.5756974
         TotalMilliseconds : 71575.6974
  5. Hi,

     Would it be possible for the DLLs to be signed as part of the build process? same as "C:\Program Files\paint.net\paintdotnet.exe"

     It's more of a thing for environments that have application allow listing. Easier / more secure to use Authenticode than maintaining file hashes / allowing based on path.

     Cheers

     https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
     https://www.cisa.gov/uscert/sites/default/files/cdm_files/FNR_NIS_OTH_AWL_Strategic_Planning_Guide.pdf

         Get-ChildItem -LiteralPath 'C:\Program Files\paint.net\' -File |
             Where-Object -FilterScript { $PSItem.Extension -eq '.dll' } |
             Get-AuthenticodeSignature |
             Where-Object -FilterScript { $PSItem.Status -ne 'Valid' } |
             Select-Object -ExpandProperty 'Path'
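
The pipeline in the last post only lists the paths that fail validation. The block below is an added example, not code from these posts or from the paint.net project: it records status, signature type, signer and timestamp presence per file, so an allow-listing review can see how many publisher rules would be needed and which files they would miss. It assumes Windows PowerShell 5.1 or later and the install path used in the post; the function name `Get-SignatureInventory` is hypothetical.

```powershell
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Hypothetical helper (not from the posts): one record per binary under a folder.
function Get-SignatureInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LiteralPath,
        [string[]] $Extension = @('.dll', '.exe')
    )
    Get-ChildItem -LiteralPath $LiteralPath -File -Recurse |
        Where-Object -FilterScript { $Extension -contains $PSItem.Extension } |
        ForEach-Object -Process {
            $sig  = Get-AuthenticodeSignature -LiteralPath $PSItem.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                Path          = $sig.Path
                Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
                SignatureType = $sig.SignatureType   # Authenticode (embedded) or Catalog
                Signer        = if ($cert) { $cert.Subject } else { $null }
                Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
                Timestamped   = $null -ne $sig.TimeStamperCertificate
            }
        }
}

# Path taken from the post; change it to the folder under review.
$inventory = @(Get-SignatureInventory -LiteralPath 'C:\Program Files\paint.net')

# One row per (status, signer) pair: the number of distinct signers among
# the Valid rows is the number of publisher rules the folder would need.
$inventory |
    Group-Object -Property Status, Signer |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Files a publisher rule would not cover, with the reason.
$inventory |
    Where-Object -FilterScript { $PSItem.Status -ne 'Valid' } |
    Select-Object -Property Status, Path

# Valid today but not timestamped: the signature stops verifying once the
# signing certificate expires, which is why the build calls a timestamp server.
$inventory |
    Where-Object -FilterScript { $PSItem.Status -eq 'Valid' -and -not $PSItem.Timestamped } |
    Select-Object -Property Signer, Path
```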